by Philip Lieberman - President at Lieberman Software - Tuesday, 16 October 2012.

Not only has landing a job become more difficult; it's also getting harder to get promoted once you have the job. Here are some tips to getting ahead in today's competitive, cutting-edge world of IT security.

1. Make your company look good

Raise the profile of IT security within the company

Some departments within your company will have a higher profile than others. This is often just because of the nature of the departments' personnel. The sales team is a good example because they tend to be extroverts and geared at self-promotion. Make sure that the job the IT security department is doing is publicised within the company. This means that simple things, such as the new software which has been deployed to make the company safer or any new staff who are being hired with particularly good backgrounds or who have been poached from ‘big brand companies’, should be publicised in the staff newsletter, round robins, e-mails and by talking to the big boss when you happen to bump into him.

Make it harder for information to leak out of the company

It was the case until only recently that information within most enterprises was kept within silos. The advantage was that information was on a ‘need-to-know basis’. It became apparent, however, that a drawback was that information was being withheld from other departments that needed it. As a result, silos have dissolved in many organizations and new flat management structures enable information to flow across the entire enterprise.

However, with so much sensitive data accessible to so many people, suddenly you face a greater risk of damaging breaches and are vulnerable to greater data losses when a breach does occur. That's why it's essential to maintain silos for your organization's most sensitive data, yet ensure that you can give access to those who need it.

Keep your company out of the news

It seems like hardly a day goes by without a data breach making the news — be sure that your company is not making the headlines for all the wrong reasons by doing everything within your power to protect your data.

Always remember that proper IT security involves multiple layers of protection. Ensuring that the perimeter is secure is not enough. You will have to make sure that all employees are fully trained and that their managers are not allowing bad practices such as sharing passwords. ‘Super users’ with heightened privileges should be audited and delegated through a privileged identity management system to regulate who can access those powerful logins that grant access to an organization’s most sensitive data.

Make sure your company passes its IT security audit

Senior management may simply assume that the organisation will pass its IT security audits. Failing to do so will take up management’s time in planning remedial action, not to mention untold hours of additional work for IT staff.

Start preparing in advance to make sure that your audit is passed first time every time with flying colours. Meanwhile publish internally the details of all data breaches and gaffes you find by those in your industry. Never gloat about competitors' missteps, but rather make sure that the staff follow your simple rules and that management knows you're establishing the right processes for the benefit of the organisation. Your validation of continuous compliance can be the IT audit – organised by you!

Make sure the organisation is compliant with all relevant and updated government, federal and international laws

This is becoming more and more important, particularly as organisations such as the European Union Commission plan to hit enterprises that suffer data losses with huge fines. The IT security landscape will soon be one where breaches are not purely just a PR disaster, but a financial disaster as well. Your job, as well as your promotion, depends upon steering clear of this elephant trap.

Spotlight

Microsoft Edge, the new browser in Windows 10, represents a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Sun Tzu's writings have been studied throughout the ages by professional militaries and can used to not only answer the question of whether or not we are in a cyberwar, but how one can fight a cyber-battle.

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.